In the past companies and the media - to no small degree - helped some to look to Android as not very secure platform. Errors in the code system received funny or scary names, their colorful logos and media coverage, sometimes verging on the apocalyptic hues. "Millions are in danger," "hundreds of thousands are at risk," etc. In fact, what it is theoretically possible, in practice it seems so far.
This is the opinion of Adrian Ludwig, director of security on Android, who was guest of RSA 2017. For example Stagefright, which was cause Google to start issuing updates for Android on a monthly basis, in theory really threaten 95% of all users of the mobile operating system. In practice, however, says Ludwig, no confirmed one case in which it is used the hole to be successfully compromised mobile device. Such was the case with the reported bug known as MasterKey from 2013. While 99% have been threatened in theory, successful exploits used to activate the vulnerability are equal one infection per million devices. And such was no before leaving details of exploiting the vulnerability. Ludwig's claims are based on statistics compiled by the Verify Apps, a feature that is present over 1.4 billion. Devices with Android. The service notifies Google on a reported compromise of the device. In addition, Ludwig says, he and his colleagues have not registered any really sophisticated malware that infects Android devices. Usually, most malicious programs here are not particularly well-written applications that do some annoying things in the background, not the malware that infects devices through web pages, text messages and the like. "Most of the things we encounter are not interesting in terms of protection. We get access to spam advertising fake antivirus programs, but basically this is social engineering. Even real malware to enter the device, it rarely appropriates privileggii and in most cases simply download other applications, "he says. The same thing, says Ludwig, happens in the ecosystem on Apple and iOS. One reason for this according to him is relatively properly secured operating systems that represent a restrictive environment for applications for this reason are the lessons learned from the PC industry.